From 6a1b6f2e44b54207985848a79a87b32e0eb2bae9 Mon Sep 17 00:00:00 2001
From: Scott Nonnenberg <scott@signal.org>
Date: Tue, 6 Sep 2022 16:28:00 -0700
Subject: [PATCH] Protocol Filter: Catch and return 'invalid url' on all errors

---
 app/protocol_filter.ts | 62 +++++++++++++++++++++---------------------
 1 file changed, 31 insertions(+), 31 deletions(-)

diff --git a/app/protocol_filter.ts b/app/protocol_filter.ts
index f17c8429075..896d85f6ce4 100644
--- a/app/protocol_filter.ts
+++ b/app/protocol_filter.ts
@@ -84,6 +84,37 @@ function _createFileHandler({
 
     try {
       targetPath = _urlToPath(request.url, { isWindows });
+
+      // normalize() is primarily useful here for switching / to \ on windows
+      const target = normalize(targetPath);
+      // here we attempt to follow symlinks to the ultimate final path, reflective of what
+      //   we do in main.js on userDataPath and installPath
+      const realPath = existsSync(target) ? realpathSync(target) : target;
+      // finally we do case-insensitive checks on windows
+      const properCasing = isWindows ? realPath.toLowerCase() : realPath;
+
+      if (!isAbsolute(realPath)) {
+        console.log(
+          `Warning: denying request to non-absolute path '${realPath}'`
+        );
+        // This is an "Access Denied" error. See [Chromium's net error list][0].
+        //
+        // [0]: https://source.chromium.org/chromium/chromium/src/+/master:net/base/net_error_list.h;l=57;drc=a836ee9868cf1b9673fce362a82c98aba3e195de
+        callback({ error: -10 });
+        return;
+      }
+
+      for (const root of allowedRoots) {
+        if (properCasing.startsWith(isWindows ? root.toLowerCase() : root)) {
+          callback({ path: realPath });
+          return;
+        }
+      }
+
+      console.log(
+        `Warning: denying request to path '${realPath}' (allowedRoots: '${allowedRoots}')`
+      );
+      callback({ error: -10 });
     } catch (err) {
       const errorMessage =
         err && typeof err.message === 'string'
@@ -94,38 +125,7 @@ function _createFileHandler({
       );
 
       callback({ error: -300 });
-      return;
     }
-    // normalize() is primarily useful here for switching / to \ on windows
-    const target = normalize(targetPath);
-    // here we attempt to follow symlinks to the ultimate final path, reflective of what
-    //   we do in main.js on userDataPath and installPath
-    const realPath = existsSync(target) ? realpathSync(target) : target;
-    // finally we do case-insensitive checks on windows
-    const properCasing = isWindows ? realPath.toLowerCase() : realPath;
-
-    if (!isAbsolute(realPath)) {
-      console.log(
-        `Warning: denying request to non-absolute path '${realPath}'`
-      );
-      // This is an "Access Denied" error. See [Chromium's net error list][0].
-      //
-      // [0]: https://source.chromium.org/chromium/chromium/src/+/master:net/base/net_error_list.h;l=57;drc=a836ee9868cf1b9673fce362a82c98aba3e195de
-      callback({ error: -10 });
-      return;
-    }
-
-    for (const root of allowedRoots) {
-      if (properCasing.startsWith(isWindows ? root.toLowerCase() : root)) {
-        callback({ path: realPath });
-        return;
-      }
-    }
-
-    console.log(
-      `Warning: denying request to path '${realPath}' (allowedRoots: '${allowedRoots}')`
-    );
-    callback({ error: -10 });
   };
 }